
OAuth 2.0 client secret for Electron

I'm implementing OAuth 2.0 in Electron to use the Google Calendar API and realize that a client_secret is required.

Searching around I see two options:

  1. Hard-coding / packaging the secret inside the Electron app. However, since Electron apps actually have their source code accessible in the compiled app, the secret can still be extracted.
  2. Using a proxy server (hosted myself probably) to obtain the OAuth URL myself and passing it to the client. However, this seems to just move the problem somewhere else, as I now have to ensure the security problems that arise from having to authenticate the user with my proxy server.

What are the best practices to do this as of now? If possible, I want to avoid having the user go through the process of obtaining his own client_secret.

plsnoban asked May 05 '16 06:05


1 Answer

This doesn't answer how to avoid bundling a client_secret, but solves the problem.

For anyone wondering on how to do this for Electron, the docs mention that by selecting Other for the type, it's okay to have the secret out in the public.

plsnoban answered Sep 22 '22 14:09